From e6f042dadc419f50eba7c162048f5d46769f41f2 Mon Sep 17 00:00:00 2001
From: Thomas Jarosch <thomas.jarosch@intra2net.com>
Date: Sat, 17 Jan 2015 15:58:36 +0100
Subject: [PATCH] Multi process check: Sanitize error messages for illegal
 characters before sending them across the pipe.

The deserializer died while deserializing
a string containing a binary zero.
---
 lib/errorlogger.cpp      | 10 ++++++++--
 test/testerrorlogger.cpp | 19 +++++++++++++++++++
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/lib/errorlogger.cpp b/lib/errorlogger.cpp
index 84f49c578..c7571e643 100644
--- a/lib/errorlogger.cpp
+++ b/lib/errorlogger.cpp
@@ -29,6 +29,8 @@
 #include <sstream>
 #include <vector>
 
+static std::string fixInvalidChars(const std::string& raw);
+
 InternalError::InternalError(const Token *tok, const std::string &errorMsg, Type type) :
     token(tok), errorMessage(errorMsg)
 {
@@ -107,8 +109,12 @@ std::string ErrorLogger::ErrorMessage::serialize() const
         const std::string inconclusive("inconclusive");
         oss << inconclusive.length() << " " << inconclusive;
     }
-    oss << _shortMessage.length() << " " << _shortMessage;
-    oss << _verboseMessage.length() << " " << _verboseMessage;
+
+    const std::string saneShortMessage = fixInvalidChars(_shortMessage);
+    const std::string saneVerboseMessage = fixInvalidChars(_verboseMessage);
+
+    oss << saneShortMessage.length() << " " << saneShortMessage;
+    oss << saneVerboseMessage.length() << " " << saneVerboseMessage;
     oss << _callStack.size() << " ";
 
     for (std::list<ErrorLogger::ErrorMessage::FileLocation>::const_iterator tok = _callStack.begin(); tok != _callStack.end(); ++tok) {
diff --git a/test/testerrorlogger.cpp b/test/testerrorlogger.cpp
index 2db127d69..8c0d6e6f3 100644
--- a/test/testerrorlogger.cpp
+++ b/test/testerrorlogger.cpp
@@ -54,6 +54,7 @@ private:
         // Serialize / Deserialize inconclusive message
         TEST_CASE(SerializeInconclusiveMessage);
         TEST_CASE(DeserializeInvalidInput);
+        TEST_CASE(SerializeSanitize);
 
         TEST_CASE(suppressUnmatchedSuppressions);
     }
@@ -266,6 +267,24 @@ private:
         ASSERT_THROW(msg.deserialize("500foobar"), InternalError);
     }
 
+    void SerializeSanitize() const {
+        std::list<ErrorLogger::ErrorMessage::FileLocation> locs;
+        ErrorMessage msg(locs, Severity::error, std::string("Illegal character in \"foo\001bar\""), "errorId", false);
+
+        ASSERT_EQUALS(std::string("7 errorId") +
+                      std::string("5 error") +
+                      std::string("33 Illegal character in \"foo\\001bar\"") +
+                      std::string("33 Illegal character in \"foo\\001bar\"") +
+                      std::string("0 "), msg.serialize());
+
+        ErrorMessage msg2;
+        msg2.deserialize(msg.serialize());
+        ASSERT_EQUALS("errorId", msg2._id);
+        ASSERT_EQUALS(Severity::error, msg2._severity);
+        ASSERT_EQUALS("Illegal character in \"foo\\001bar\"", msg2.shortMessage());
+        ASSERT_EQUALS("Illegal character in \"foo\\001bar\"", msg2.verboseMessage());
+    }
+
     void suppressUnmatchedSuppressions() {
         std::list<Suppressions::SuppressionEntry> suppressions;